ATM hacking report: Scenarios from 2018 ATM hacks


  • To do its job, the application must communicate with ATM peripherals: get card information from the card reader, obtain user input from the keyboard, and send commands to the cash dispenser.
  • In the case of insufficient network security, a criminal with access to the ATM network can target available network services, intercept and spoof traffic, and attack network equipment.
  • Improper configuration refers to gaps in protection that a criminal can abuse if able to obtain access to the cabinet of the ATM: lack of hard drive encryption, authentication errors, poor protection against exiting kiosk mode, and the ability to connect arbitrary devices.
  • Vulnerabilities needed for this attack vector are caused by poor firewall protection, use of vulnerable or out-of-date software versions (for example, vulnerabilities CVE-2017-8464 and CVE-2018-1038 enable remotely running arbitrary code and subsequently escalating privileges), and improper configuration of security tools (application whitelists tend to be excessively generous, as detailed later in this report).
  • An attacker could use this to direct network traffic to a malicious device, intercept requests, and spoof responses from the processing center.
  • During their research, our experts discovered zero-day vulnerabilities in Application Control products such as GMV Checker ATM Security, Kaspersky Embedded Systems Security, and McAfee Application Control (Solidcore).

